Security

The Roster Volunteers online system is very secure. The user interface is configured to only show what the user has access to, and there are several redundant back end checks in order to ensure that functions can only be accessed by users of the appropriate level. The entire site uses only trusted https protocol with secure Comodo® SSL Certificate. Passwords are only stored in encrypted form and cookies use a 64-bit cypher so the encrypted information is even more protected.

System emails may include auto-login links, which in itself can be a security risk. In order to minimize this risk, all auto-login links are generated using a unique SHA256 encryption algorithm and can only be used once. For security reasons, auto-login links are omitted from system emails to Level 2 users (Leaders) and above.

In order to prevent accidental spamming, mass Reminder emails can only be sent out once. This means that if one Supervisor sends out a reminder email for certain dates then noone can send out another mass Reminder email for those same dates. Also, whenever a Request email is sent the system will show which Supervisor sent the most recent Request emails, who they were sent to and when they were sent. The entire detailed Request email history can be easily accessed before sending out an email requesting availability.